Mongodb – Authenticate MongoDB shard cluster in Docker swarm

docker, mongodb, mongodb-3.4

I am trying to put authentication to the mongo shard cluster which is running in docker swarm.

docker-compose.yml file:

version: "3.3"
services:
    cfg1-r1:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == ram-ThinkPad-E470]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/db-data:/var/lib/mongodb
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--configsvr", "--replSet", "rs0", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--configsvr", "--replSet", "rs0", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    cfg2-r1:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == prasanna-ThinkPad-E470]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/db-data:/var/lib/mongodb
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--configsvr", "--replSet", "rs0", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--configsvr", "--replSet", "rs0", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard1-repl1:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == prasanna-ThinkPad-E470]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s1-r1", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s1-r1", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard2-repl1:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == Trisundhar]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s1-r1", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s1-r1", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard1-repl2:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == Ravi-ThinkPad-E470]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s2-r2", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s2-r2", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard2-repl2:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == Dsp-Lenovo]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s2-r2", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s2-r2", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard1-repl3:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == Alu]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s3-r3", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s3-r3", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    shard2-repl3:
        image: mongo:3.4.9
        deploy:
            placement:
                constraints: [node.hostname == Acer-Idavalapati]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongod.conf:/etc/mongod.conf
            - /opt/mongosharddb/db-shard:/var/lib/mongodb
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        command: ["mongod", "--shardsvr", "--replSet", "s3-r3", "--dbpath", "/var/lib/mongodb", "--port", "27017"]
        #command: ["mongod", "--shardsvr", "--replSet", "s3-r3", "--dbpath", "/var/lib/mongodb", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

    mongos:
        image: mongo:3.4.9
        deploy:
            replicas: 2
            placement:
                constraints: [node.hostname == ram-ThinkPad-E470]
            restart_policy:
                condition: on-failure
        volumes:
            - /opt/mongosharddb/mongodb-keyfile:/srv/mongodb-keyfile
        networks:
            - mongoshard
        ports:
            - 27030:27017
        depends_on:
            - cfg1-r1
            - cfg2-r1
            - cfg3-r1
            - shard1-repl1
            - shard2-repl1
            - shard1-repl2
            - shard2-repl2
            - shard1-repl3
            - shard2-repl3
        command: ["mongos", "--configdb", "rs0/cfg1-r1:27017", "--port", "27017"]
        #command: ["mongos", "--configdb", "rs0/cfg1-r1:27017", "--port", "27017", "--keyFile", "/srv/mongodb-keyfile"]

networks:
    mongoshard:
        driver: overlay
        attachable: true

Deploy: sudo docker stack deploy --with-registry-auth --compose-file docker-compose.yml mongo

I initiated the replica sets of the config server and the shard servers. I added shards to mongos. When I put data in the database, sharding is happening among the shard servers.

I have done this without authentication. Everything is going well.

But when I try to add authentication, I fail to do so.

Steps followed to enable authentication on MongoDB cluster in docker swarm:

Step 1: Created the required data folders, generated a key file and copied this key file to each node.

Step 2: Deployed the stack file in docker swarm without the key file.

Step 3: Initiated the config server and shard server replica sets.

Step 4: Added users to the mongos, config servers and shard servers.

Step 5: Changed the ownership of the key file and mongod.conf file in each container.

Ex: sudo docker exec <container> bash -c 'chown -R mongodb:mongodb /srv/mongodb-keyfile /etc/mongod.conf'

Step 6: Deployed docker-compose.yml (updated) again in docker swarm with the second command (with key file). [It runs all containers with the key file]

Step 7: When I try to add shards to the mongos, I get an error:

mongos> sh.addShard("s3-r3/shard1-repl3:27017")
{
        "code" : 133,
        "ok" : 0,
        "errmsg" : "could not find host matching read preference { mode: \"primary\" } for set s3-r3"
}

I have set up authentication on nodes (without Docker). It works properly there.

Edit: If I add shards to mongos before authentication, then sharding does not happen. All the data goes to only one shard (e.g. s3-r3).

logs of other shards (services):

mongo_shard1-repl1.1.fgq9hukdsvmf@prasanna-ThinkPad-E470    | 2017-10-20T07:15:09.338+0000 W NETWORK  [ReplicaSetMonitor-TaskExecutor-0] No primary detected for set s1-r1
mongo_shard1-repl1.1.fgq9hukdsvmf@prasanna-ThinkPad-E470    | 2017-10-20T07:15:19.338+0000 W NETWORK  [ReplicaSetMonitor-TaskExecutor-0] Failed to connect to 10.0.6.37:27017 after 5000ms milliseconds, giving up.
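
Steps 1 and 5 above rely on every node holding the same key file in a form mongod accepts: 6 to 1024 base64 characters, with no group or world permission bits. The shell helpers below are an added example, not part of the original post; the function names are hypothetical, and `sha256sum` assumes a Linux host.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from the original post).

# Create a keyfile the way the MongoDB manual suggests: 756 random bytes,
# base64-encoded (1008 characters), readable by its owner only.
make_keyfile() {
    ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 400 "$1"
}

# Return 0 if the file satisfies mongod's keyfile rules; else explain and return 1.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: group/world permission bits set (use chmod 400)" >&2
        return 1
    fi
    # mongod ignores whitespace in the key, so strip it before measuring.
    key=$(tr -d ' \t\r\n' < "$f")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "$f: key must be 6-1024 characters, found ${#key}" >&2
        return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*)
            echo "$f: contains characters outside the base64 set" >&2
            return 1 ;;
    esac
    return 0
}

# Print a SHA-256 of the whitespace-stripped key. Run on every swarm node and
# compare the output to confirm each bind-mounted copy is the same key.
keyfile_fingerprint() {
    tr -d ' \t\r\n' < "$1" | sha256sum | cut -d' ' -f1
}
```

Running `check_keyfile /opt/mongosharddb/mongodb-keyfile` and `keyfile_fingerprint` on each node checks the host copy that the compose file bind-mounts to /srv/mongodb-keyfile. The file must also be owned by the account mongod runs as, which is what the chown in Step 5 sets.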

Best Answer

As per MongoDB BOL here: use the sh.addShard() method to add each shard to the cluster. If the shard is a replica set, specify the name of the replica set and specify a member of the set. In production deployments, all shards should be replica sets.

The following operation adds a single shard replica set to the cluster:

sh.addShard( "<replSetName>/s1-mongo1.example.net:27017")

The following operation is an example of adding a standalone mongod shard to the cluster:

sh.addShard( "s1-mongo1.example.net:27017")

Repeat these steps until the cluster includes all shards.

Enable Sharding for a Database

To proceed, you must be connected to a mongos associated to the target sharded cluster.

Before you can shard a collection, you must enable sharding for the collection’s database. Enabling sharding for a database does not redistribute data but makes it possible to shard the collections in that database.

Once you enable sharding for a database, MongoDB assigns a primary shard for that database where MongoDB stores all data in that database.

Use the sh.enableSharding() method to enable sharding on the target database.

sh.enableSharding("<database>")
